The Saturday Fraud Strategist

Should Fraud and Cybersecurity Teams Converge?

Every few years our industry rediscovers the same debate: should fraud and cybersecurity teams actually sit together?

And honestly, usually both sides hate the idea immediately.

Not because they dislike each other. Mostly because both teams are already overwhelmed and nobody wants another meeting.

But over the last couple of years, something changed.

The signals started converging.

Credential stuffing became account takeover. Account takeover became fraud. Fraud became phishing. Phishing became invoice fraud and ACH fraud. And suddenly the same security telemetry that detects compromised infrastructure also helps identify fraudulent users before they ever reach checkout.

That is where things start getting weird.

In this episode, I sat down with Cy Khormaee, who helped build reCAPTCHA at Google and now runs Aegis AI, to talk about why AI phishing detection is forcing fraud and cybersecurity teams closer together whether they like it or not.

And honestly, once you realize the same behavioral signals can stop both account takeover and payment fraud, the organizational separation starts feeling a little artificial.

We get into AI email security, AI-powered fraud, fraudster ROI, upstream fraud detection, and why modern attackers are moving faster than most enterprise security stacks were designed for.

Also, I learned that Google literally tracked the market price of breaking CAPTCHA systems like a stock ticker.

Which honestly feels extremely fraud-brained.

What you’ll hear in this episode:

  • A practical look at why fraud and cybersecurity teams are starting to share the same signals
  • How credential stuffing and account takeover pushed security tools into fraud prevention use cases
  • Why AI phishing detection depends on more than static email rules or reputation checks
  • How AI email security is changing as attackers use AI to generate more targeted phishing attacks
  • Where invoice fraud, ACH fraud, and accounts payable fraud sit between security and fraud operations
  • Why security telemetry and fraud telemetry become more useful when teams connect the full user journey
  • How reCAPTCHA evolved from image puzzles into behavioral detection and fraud prevention infrastructure
  • Why “good people leave tracks” still applies across both fraud and security signals
  • How upstream fraud detection helps stop problems before money leaves the platform
  • Why fraudster ROI is one of the most useful ways to think about modern defense
  • What teams should ask vendors before buying AI-powered fraud or AI security tools

Expect a conversation about tools, signals, attacker economics, and the awkward reality that fraud and security may already be converging, whether the org chart admits it or not.

Who should listen:

  • Fraud leaders and fraud analysts
  • Cybersecurity professionals
  • Trust and safety teams
  • FinTech fraud prevention teams
  • Email security teams
  • Accounts payable and payment risk teams
  • Teams evaluating AI phishing detection or AI email security vendors
  • Anyone working on credential stuffing, account takeover, invoice fraud, ACH fraud, or upstream fraud detection

Basically, if your fraud team and cybersecurity team only meet during incident review, this one may be worth playing in both rooms.

Episode notes:

This conversation starts with ransomware in a classroom, which is funny for about three seconds and then immediately becomes the point.

Honestly, for a cybersecurity professor, that is either terrible timing or very strong teaching material.

Maybe both.

It also happens to be a clean way into the actual topic: what happens when security stops being theoretical and fraud stops staying neatly inside the fraud team?

Cy and I talk about the overlap from a practical angle. Not “should the org chart change?” in some consulting-deck way. More like: are both teams already looking at the same attacker behavior, identity patterns, and telemetry?

A lot of the answer is yes.

We get into reCAPTCHA, account takeover, phishing, invoice fraud, ACH fraud, and why the line between security and fraud keeps getting blurrier. Cy also explains why AI-generated attacks are making the old rule-based playbook harder to trust, especially when adversaries can adapt faster than most enterprise systems.

The part I think fraud teams should pay attention to is the operational one: how far upstream can you detect the problem before it turns into money movement, cleanup, and a very uncomfortable incident review?

We also talk about what to ask vendors claiming they have AI, including how their models work, what happens to your data, and whether AI model testing is actually happening or just being implied in a slide deck.

Because “we use AI” is not an answer.

Not anymore.

Key takeaway:

Fraud and cybersecurity do not need to become the same team tomorrow.

But they do need to stop pretending their signals live in separate universes.

AI phishing detection, AI email security, fraud telemetry, security telemetry, account takeover detection, and upstream fraud detection are all starting to point at the same thing: the attack path is connected, so the defense probably has to be connected too.

The goal is not perfect security. That does not exist.

The goal is to make the attacker’s business model worse.

Less glamorous than “stop all fraud.”

Probably more realistic.

Episode transcript
Chen Zamir
00:02
Welcome to another episode of the Saturday Fraud Strategist. And with us today, joining us is Cy Khormaee. Cy is a seasoned cybersecurity expert. He's a professor for AI at UCLA. And he's also the founder and CEO at Aegis AI. Cy, welcome to the show.
Cy Khormaee
00:22
Well, Chen, thank you so much for having me. It's really a pleasure to be here. And it's funny, you know, there is never any break from security. I was just teaching yesterday and we saw our learning platform got ransomware, live in the classroom. So I was reminded there are no days off.
Chen Zamir
00:38
Well, that's at least good material for the students.
Cy Khormaee
00:43
Yes, absolutely. Gave me a really good intro. So this is the first class. They didn't even know who I was. I was like, hey, so good news and bad news is there's an incident. The good news is this is actually what I do for a living. So let me give you like two or three tips that we're gonna do right now before we proceed.
Chen Zamir
00:57
I'm sure it looked completely scripted to the students.
Cy Khormaee
01:02
Yeah, it did. Except it actually impacted, you know, it's a large LMS platform that was impacted. I think impacted like a large number of schools across the United States. So I swear it wasn't actually me.
Chen Zamir
01:11
Well, I don't know. But anyway, Cy, for those listeners who don't know you, maybe you can tell us a bit more about yourself.
Cy Khormaee
01:21
Yeah, so just quick background, you know, I grew up doing large-scale ETL at Microsoft, so built some of the early systems behind AdCenter Analytics. Back when ETL meant you were writing, you know, C data pipelines, you know, people now have it so easy. I then spent about a decade building companies all kind of in the AI and data space. So one applying it to commercial real estate, one applying it to sales technology, how to kind of send great relevant emails to people, and then you know.
Chen Zamir
01:34
Yeah.
Cy Khormaee
01:48
Spent some time at Google, I'm sure we'll dive deeper into that, where I built, you know, some of the earliest, you know, versions of reCAPTCHA, Safe Browsing, a lot of the core platforms that are behind Google's phishing, malware, and fraud systems. And you know, more recently I'm running this company with some friends called Aegis AI, still fighting the good fight against fraudsters in the security space, trying to keep email safe.
Chen Zamir
02:13
That's awesome. So speaking of which, I think one of the reasons why I thought it would be super interesting to speak to you is because over the past few years, I would say five years or so, there's this, let's call it, debate in our industry whether, you know, fraud prevention and cybersecurity shouldn't actually be within the same organization, like fraud being rolled up to the CISO, or similarly. And I wonder, like, obviously I have my thoughts about it, but I wonder where do you stand on this controversial topic.
Cy Khormaee
02:53
Yeah, it's a really interesting topic. And what's really funny about it too is when I ask, look, I have so many friends in so many different areas, because by the way, like no matter what, fraud and security are very close partners and they do very similar jobs. The difference is the goals are really different. If you think about most fraud professionals, especially in say the credit card space, it's like, okay, take that fraud rate from 3, 4, 5% to 1%. Like that's that goal. In security, it's don't get compromised. And they're like slightly different goals, but all the behaviors are similar. And what's really funny is I see leaders get asked to combine the roles all the time, and both leaders like, no, we don't want to, we're already busy enough. So maybe one of the biggest limiting factors is both jobs are so hard, it's almost impossible to combine them in the same person. But I do think the activities are very similar, and there's a lot of overlap where they're working more and more together, and it does make a lot of sense to put them together, despite, you know, sometimes the resistance, because I think both sides are just way too busy all the time.
Chen Zamir
03:29
Hmm.
Chen Zamir
03:50
Yeah, that's super interesting. I think that, you know, when I think about it, I see that as you kind of mentioned, the processes and sometimes kind of the talent in terms of profile might look quite similar. But I think also to an extent in let's say fraud is much more of an everyday occurrence rather like
Cy Khormaee
03:56
Mm.
Chen Zamir
04:16
When you compare it to cybersecurity, right? At least in most organizations. And so how you approach it, whether this is a theoretical threat against you need kind of just safeguard yourself and mostly pen test yourself, or is it a daily grind that you need to kind of manage and you know that you will get, you know, you'll get on the short end of the stick on a daily basis. I agree. It's like, even though the organizations look like they work similarly, the way that they kind of structure their KPIs, their goals, is quite different. Interesting. I must say though, and maybe we'll get to that in the end, in the past couple of years we see a lot of changes, right? In cybersecurity and fraud. So I don't know, like, if it made you kind of rethink where you stand on it.
Cy Khormaee
05:22
Totally. I think if you asked me this question six years ago, I would say, hey, they're very different orgs, different technology and stacks, like it's too hard to integrate them, kinda don't bother. I think that we've observed that the signals are converging rapidly, and then with AI, there's more and more opportunity to share data across the kill chain. Even, you know, Matt Vega on your team is someone we know well. You know, we first overlapped when he was at Instacart because I was the product leader for reCAPTCHA at the time. Instacart had been using reCAPTCHA to stop kind of credential stuffing logins like people just trying a bunch of different passwords to see if they can get through. And at some point they had a big issue with carding. And you know, the team came and said, hey, like, can we use reCAPTCHA to stop this? Those can you use the security tool to solve a fraud problem? Like, I don't know. But let's try. Let's dive in together. Let's give it a shot. Turns out the answer was yes, you absolutely can. So the same tool, the same telemetry, just more broadly applied, was really effective. And the other add-on we learned is actually watching the behavior from login to on-site behavior to takeout behavior was very helpful. So it's not only do I give you three similar signals with the same observability, but you can connect those three experiences into a fraud journey. It really tells a story about the adversary or the benign user to have kind of higher accuracy. And so that was maybe one of the first wake-up calls where the tools themselves were just hyper-converged, right? And it kind of led us down this journey of kind of looking at fraud as a capability of reCAPTCHA, which had traditionally been a security tool. And we should also maybe tell that story at some point too. On the other side, you're seeing data become more and more accessible, where you can have everything in a data lake and start to put together that journey all at once.
So I guess if fraud professionals are kind of listening and thinking about that, it's like, what toys does security have on the tool side that you want? And then what data does the security team have that you want? And I would bet that your security counterpart wants the same toys from you and the same data from you. And that sharing is gonna create a really positive match.
Chen Zamir
07:19
Mm-hmm.
Chen Zamir
07:33
And for those listeners that are not, I mean, I think everybody's familiar with reCAPTCHA, but not necessarily like understanding or matching the experience and the name of the product. Can you maybe just explain, sorry, quickly what reCAPTCHA is and how it looks like?
Cy Khormaee
07:52
Yeah, and also how it looks like over time, right? So you think about when reCAPTCHA really came out something like fifteen years ago. It was like that little squiggly bit of text that you were trying to read to understand what's happening. You know, Google acquired the technology 'cause it was a great way to train some of the Google text-to, sorry, kind of image-to-text AI, the very, very early versions of OCR Google had.
Chen Zamir
07:53
Yeah.
Cy Khormaee
08:16
Then it evolved to do kind of image recognition. So I think we've all struggled to figure out, you know, what is a stoplight, what is a bicycle. It's this very existential question that you find. And, you know, again, that was used for a lot of like the early maps training data. At some point in that period, we found two things, maybe three things. One is that everyone's pretty bad at this, especially regular users are pretty bad at this recognition. And adversaries are really good at it. And that creates a couple problems. The first problem is it becomes an ineffective gating tool when there are warehouses of people manually solving it who are much better than anyone in real life. So that creates an asymmetric to the downside detection technique. The second is the data you're getting out of it is getting pretty dirty and makes it difficult to use on AI. So that's kind of at the point I took over the product. At the point where there were these images that would kind of figure out what the future of this product was. At the same time, we talked a little bit about credential stuffing. For those of us who are in the community in 2016, 2017, there's a bunch of data breaches that happened. So essentially went from like a password and a username being somewhat infrequent and somewhat hard to come by to it being ubiquitous. I think everyone's passwords were leaked on a, you know, maybe two to three times a year basis, right? That's like very problematic because it means that you can test a very small number of these passwords to bypass any login. Which meant that these login breaches and these ATOs were happening at an exploit increasing rate. And we realize, hey, we can apply reCAPTCHA on top of that and stop it. And we don't stop it because of the images. We actually stop it by looking at the behavior of the client on the page. So if you look at, you know, can you know your behavior in the internet, it's well observed over a long period of time.
You're gonna show up at a bunch of places. I'm gonna see your cookies and your clients everywhere. From that can infer you're a pretty good actor. You know, there's not a lot of bad reputation out there. Well.
Chen Zamir
10:07
Mm-hmm.
Cy Khormaee
10:12
Who knows, but probably not, right? On the flip side, if I've never seen you before, can you imagine this scenario of like you walk into a bank versus I walk into a bank with a ski mask on? Well, that's immediately gonna raise a bunch of questions, right? And it's a very easy way to filter out, kind of benign from malicious. And we've done that across a bunch of different areas. If anyone's who've been on a Zoom call, a Google Hangout, you know, basically 80% of probably the internet usage of this audience is all gated with reCAPTCHA. That's looking at kind of these signals. I'll show you kind of a little chart of like what that looks like over time. You know, I think I took over this product in, you know, 2017. We had about 55 of the top 1,000 sites. And you know, over the five years or six years there, we brought it up to 320 sites, which by the way, it's probably the larger of the 320 of the top 1,000. So it really represents a propensity of that traffic. And we're able to do that because we're able to actually get better detection. Because you're able to do a detection that the adversaries don't have a way to game, or not an easy way to game. They can't see the answer like they can with a CAPTCHA. And it doesn't annoy users. And so we found this really happy medium that really enabled this project takeoff. And then the third thing that happened that was really beneficial is we got to a data density where like 99.999% of users were going to be known to us and known to us across multiple different concurrent platforms. So I can say with very high certainty.
Chen Zamir
11:11
Mm-hmm.
Cy Khormaee
11:38
Hey, again, Chen is like a very legitimate user because I can see him in all the other sites. So there's a lot of cross-telemetry that can happen. And so you can actually say, hey, look, if I just haven't seen you before, that becomes a stronger and stronger negative signal versus trying to look for the negative signals in sparse data. And I think that, if you think about most detection platforms, is such a powerful place to be where we go from understanding the majority of the market to understand the minority of the market. So you can really look and say, look, I already see most of the world. And you look really strange compared to most of the world. That's a really great way to detect 'cause also, by the way, adversaries don't have that data, so it's great. And it's asymmetrically advantageous to the defenders, which is again a unique place to be.
Chen Zamir
12:17
That's super interesting because I think all of these three signals that you just described are, you know, we use exactly the same methods in fraud prevention. They just look slightly similar. So for example, you know, you mentioned that, like, bad actors would be really good at solving the bicycle challenges. And it's the same kind of idea where if I would see a customer's name spelled with a spelling mistake.
Cy Khormaee
12:38
Yeah.
Chen Zamir
12:46
I would know it's not a fraudster because a fraudster will, if they do not copy-paste it, they would check it really, really well before they click the button. So that's one. Second, we have a saying that in fraud, good people leave tracks. So if you see someone new that you don't have their history, that on its own is quite suspicious, especially if you have data at scale.
Cy Khormaee
13:14
Yeah.
Chen Zamir
13:15
And thirdly, of course, anomaly detection is, yeah, it's a hallmark. So we go back to the fact that it's interesting that, you know, both of these are quite similar, sorry, quite different teams, quite different, let's say, domains, but in the end the behavior of the bad actor and how we are trying to detect it is so similar.
Cy Khormaee
13:41
Yeah. And by the way, if you look at the signal gathering itself, it's identical. So if you look in like how we think what we're looking for, to your point, we actually converged this and we started a fraud business out of reCAPTCHA, like it's actually the same tool. We just give it to a different team for a different purpose, but it's actually the same tool. And actually in a lot of places we deployed, it would start just like it did at Instacart from that front door and then just kind of percolate backwards towards the fraud team. So maybe the big difference is like the security team is always at the front door with authentication identity. And then we just like propagated that signal backwards until it reached the takeout, which is kind of where the fraud team really lived and owned. And somewhere in the middle with the negotiated difference between the fraud and security, but actually it helped both sides because in security and ATO, I may not be totally sure when you first log in, but I'm gonna get increasing certainty as I go down this funnel. By the time I reach takeout, we have high certainty. And that actually plays on both the ATO as well as the takeout scenario. So again, it benefits both teams closely. So to your point, I mean, you kind of started this conversation by asking, like, should the teams converge? This is an example where the tool basically converged, and we had these security teams and the fraud teams working closer together on the exact same data with the exact same install point, with the exact same telemetry, and having really positive conversations. And even by starting to blend their metrics, we're like, hey, actually, if you block a little more on the ATO side, specifically this type that's going after like high-ticket user looks like a compromised user. We can reduce fraud rates on the back end.
And so the numbers started to influence each other, which is maybe where you're getting to, where it's like there's starting to be like true organizational overlap because the data is shared and each team can affect each other's KPIs, which is always true, they just couldn't see it. They're actually maybe able to make smarter trade-offs at the front door now, which is really interesting, or even delay things. Like if we think about, you know, when is decision made to delay a checkout or delay a delivery? You go we think about delivering a phone. That's a big miss. If you deliver a phone, I'm gonna make this up, but it's a 30% margin product. So if I deliver one phone to a fraudster, I need to sell three phones to make up for that, or five phones to make up for that. So it's a big, big miss. So say, look, at the front door, I see all this data that's making me more and more nervous. And so let me gate the delivery of that product until we do the proper review. Let me gate even maybe the running of that card. So a lot of times we'll do like the prepay or the issue of the payment. Let's do an additional 30-second fraud check. Let's do the deep dive, even have an analyst look at it before.
Chen Zamir
15:58
Yeah.
Cy Khormaee
16:08
We even touch the credit card payment network that might affect our standing there. So I think that's where we're seeing like extremely positive overlap that I'm pretty excited about. And again, it's just making life harder for the fraudsters. So like my whole business is we want to make their lives harder. Even at reCAPTCHA, you know, by the way, two funny things about reCAPTCHA, the way we measure it as a fraud teammate. One is that we measured how much it cost to break a CAPTCHA. So there's a market price for this, and we just track it, you know, just like the stock price. And my job is to make a number really high.
Chen Zamir
16:33
Interesting.
Cy Khormaee
16:37
So it's unaffordable to do this because it's never impossible. Like all fraud people know, it's never impossible. It's just a matter of cost. And your adversary is running a business. And my job is to make the business not profitable, so they go do something else with their lives. On the flip side, we also even looked at, you know, every once in a while, there's an article that says, like AI can break reCAPTCHA, which is totally true. It absolutely can. The difference is, can you break it at cost? And what's funny is right now, in most cases, it's much cheaper to use a human to break a CAPTCHA than it is to actually have an adversary do it. And even actually in some of our later work I'll show you, like we found ways to do this automatic with LLM-based browsers. It's all possible. It's just more expensive.
Chen Zamir
17:22
Yeah, it's just about ROI, right? It's not about whether it's possible, but whether it's worth the bad actor to actually do that or not to go somewhere else. Yeah.
Cy Khormaee
17:33
Exactly. 'Cause I think the only person that says fraud or security breaches are impossible does not work in fraud or security. I don't think anyone specifically like anything's impossible. It's like it's all possible. In fact it's all somewhat unfortunately somewhat likely. It's just, you know, to your point, a matter of cost.
Chen Zamir
17:37
One hundred percent.
Chen Zamir
17:47
Absolutely. Interesting. So from what I understand how... Okay, let me restart.
Chen Zamir
18:05
Okay, so you described the way how you kind of penetrated companies through the cybersecurity team and slowly made your way to the fraud team. And I wonder if you thought of basically packaging the reCAPTCHA product for fraud teams, if that was, you know, like a product that you were thinking of launching, did you launch something like that?
Cy Khormaee
18:41
Yeah, we actually did. So it's a great point. That's actually what we did. And the reason is the value increases. So we talked a little bit about the metrics difference between security and fraud. Security, like always has a fuzzy number on what an ATO cost is. You're like, I don't know, if I take over some account, how like how disruptive is it? How likely is there to take out to happen? How likely is it to disrupt the user experience? It's all a little bit fuzzy. And to your point you made earlier, it's kind of risk-based, right? We're trying like squint at a number and figure it out. Whereas fraud's like, no, no, no, there's like actually a number. And what's even worse is if you're running like a 20, 30% margin business, maybe a retail business, you're running 10%. That's five, six, seven, maybe ten percent of your net income because you're losing just straight net income off the top. So it's really, really serious. And I'll tell you, the reason I got excited about this as a product leader is every CEO I talked to, including like Fortune 10 retailers, knew their fraud number. They mention it in the earnings call. No one's really talking about their ATO numbers. It actually is a great motion for us, and I think for the world, because we were basically moving from an important, but you know, from the organization perspective, lower value use case to a higher value use case. We're like, hey, if I stop one percent of your fraud, that's like, you know, 10% of your net income. That's like every dollar I saved you is real dollars back in your pocket that like
Chen Zamir
19:54
Yeah.
Chen Zamir
20:01
Yeah.
Cy Khormaee
20:04
I can ask for some portion of, and it's super clear. Like there's like literally a number, and you can run live A/B tests. So if you want, you can run a 10% sample forever and constantly measure me against that and measure the spikes. The one thing I'll say that threw off that sample, which is kind of funny, is a lot of adversaries became so afraid of interacting with the reCAPTCHA, they'd actually have a separate sensor network to identify sites with reCAPTCHA and avoid them. Because if you got onto a site with reCAPTCHA, we'd look your infra and we'd burn
Chen Zamir
20:08
Yeah.
Cy Khormaee
20:32
And so people did not want to get anywhere near the reCAPTCHA sites over time because they viewed the risk was really not worth it. And by the way, one of the most costly things I can do to an adversary is understand their command control, understand their IPs, understand the infrastructure, especially compromised infrastructure they've acquired. Burn it, meaning tell everyone that it's bad. Maybe even by the way, tell the owners that infrastructure they've been compromised, help them fix it.
Chen Zamir
20:47
Yes.
Cy Khormaee
20:57
And now the adversary has a two, three, four, five month rebuild process, which is really, really difficult to deal with, which again really drives the cost up, which again is my goal. So I make their lives a little bit difficult. I'm not their most, there's probably a dartboard with my face on it somewhere in, you know, a non extradition. Or a few dartboards. Yeah, yeah.
Chen Zamir
21:06
Yeah. Yeah.
Chen Zamir
21:11
You hope. Yeah. That's super interesting. I mean, I would hazard a guess, like, I don't know how you see it, but I would hazard a guess that today it is actually easier for malicious actors to rebuild their infrastructure and even to kind of mutate it in real time to kind of avoid this burn, right? Because that's a very common tactic of, you know, both fraud prevention teams as well as cybersecurity teams.
Cy Khormaee
21:48
It's interesting.
Cy Khormaee
21:56
Yeah, it's a really good point. You know, let me actually dig up some data here. It's kind of interesting to see, you know, some of it is, I'll show you some data here really quickly. And what we're gonna show is that actually the major providers, well, it's very easy to rotate data. It's become harder, and this is some data presented at M3AAWG. So this is presented at an academic conference. But you know what we found is like the major providers are getting better at gating random IPs, random domains. So that just stuff doesn't work very well anymore. So you actually need to use compromised domains, which means that the diversity of domains used in attacks is actually falling. Because you're right, it is trivially easy to create new domains and new IPs. The problem is those don't pass the basic security controls anymore from you know Google or anyone else. And so you need to do to commit fraud successfully, not that this is a guide, but it's probably very well known, is like you need to go find someone with a good reputation, ATO them, take over their infrastructure, and use that.
Chen Zamir
22:23
Mm-hmm.
Cy Khormaee
22:50
To do the takeouts. Like that's what's effective. And so in this graph, what you're seeing is, you know, a lot of these attacks are coming from a smaller number of domains and specifically attacks that are, you know, AI-powered. So if you have the smaller set of domains that are more precious, I need to have a much higher conversion rate attack. I can't afford to really spray and pray and just see what happens that I could with this infinite creation of IPs and domains that's to your point fully automated. If I compromise the domain, I spend some money and time, it's a unique thing, an asset I need to use.
Chen Zamir
23:02
Yeah.
Cy Khormaee
23:20
I better have a hit rate that's ten, twenty, thirty percent rate, not point zero, point zero zero one percent rates.
Chen Zamir
23:26
Yeah, that's interesting because I think it goes back to the principle of good people leave tracks and the fact that it's not only about the identity that is kind of carding or the user that is trying to access an account, but it's also the infrastructure itself, right?
Cy Khormaee
23:35
Mm-hmm.
Cy Khormaee
23:49
Yeah. Yeah. And it's and SharePoint are actually both examples of infrastructure, right? I think again, Matt on your team does a phenomenal job of swinging some really terrifying like fake ID, fake KYC passing stuff that is terrifying. And that's nothing where like people will take real identities or sell real identities or sell real facial identification or real devices, like human identity, device identity, aged Google accounts, these are all assets. Okay, essentially everything a fraud fighter would look at are all these trails, to your point, are all things people realize and they're buying and trying to assemble these trails. And then the harder we make that, the more the trail we look at, the more difficult it is. So if all I need is to not look like a headless Chrome browser, that's easy. If I need to have an aged GAIA account, the correct username and password, a CAPTCHA bypass egress, an aged credit card or banking out. Like, now you made my job really difficult. I wanna go do something else in my life, right? Like that, just as we expand, that chain becomes exponentially more expensive, which is good.
Chen Zamir
24:48
Yeah. Yeah, exactly. It make it makes it mainly more expensive and then my ROI goes down and I go elsewhere. Yeah. So I wonder you described kind of a lot of examples of how, especially like you know, through the reCAPTCHA lens, how fraud teams adopted cybersecurity tools. I wonder if you've seen the opposite or if you had that experience in reCAPTCHA where you kind of baked into the product.
Cy Khormaee
25:00
Mm-hmm.
Chen Zamir
25:21
Features or capabilities that you've seen in the fraud prevention world and you thought that this actually can be also very useful for cybersecurity.
Cy Khormaee
25:31
Yeah, absolutely. And you know, we're even doing this today. So at reCAPTCHA, one thing that we did was we started looking at the transaction signals. So, like, okay, well, we're working our way back to the takeout. You know what we should do is we should go look at the transaction, right? Because that's a classic case where like I get a lot of data about not just if this is bad or not, which is kind of where security typically lives, but like, how much is it? How often is it stolen? What's going on here? Like, if you think about the Instacart example. How often are groceries actually stolen? Like, I assume pretty rare. It was actually a different kind of abuse, right? Versus a phone is a really nice commodity to sell. It's compact, it's high value. Like, that's a great one. So, versus, I don't know, like a hair tie. Like, I don't know what you're gonna do with that, but good luck reselling that. It's not worth it, right? So you can make a of these decisions in a more nuanced way. And actually, even brings you kind of what we're working on today, and look, working with Sardine on, which we're really excited about, is starting to look at some things in the invoice, right? This is actually, again, a
Chen Zamir
26:03
Yeah, yeah.
Cy Khormaee
26:28
I think a perfect example of the marriage between these two areas. Let me see this. I mean, here's an example where, like, it's actually one of the hardest problems. You know, right now we're an email security company. So at Aegis, what we basically do is we apply all of the latest LLM technology to spot all of these AI-generated attacks. Like that's kind of fundamentally our business. One of the big blind spots, one of the reasons, you know, our companies are working together is the invoice, because I can make this invoice perfect to your point. I can assemble the right vendor, the right company, the right names. All of this can be perfect. What I have on my side that's unique is I understand the email origin, provenance, assembly. I've got a lot of sophistication on how I look at emails. And then Sardine has a lot of sophistication on how they look at the transaction and the account number and things like that. So that's why we're literally again just putting those two pieces together to fight this new wave of fraud because otherwise, I think you can slip through the cracks again by putting, you know.
Chen Zamir
26:56
Mm-hmm.
Cy Khormaee
27:23
I require both parts of that trail to be assembled perfectly to attack me. If I only require one or the other, it becomes like five, six, seven times easier. Cause I only got to fool one side of the house. Versus now you gotta fool Aegis and Sardine to get past us. I think that's a really powerful combination that again, that gift just keeps on giving and that porous barrier between security and fraud keeps on happening. By the way, in this use case too, by the way, it's both a fraud and a security use case, because email security is traditionally owned by security. When that gets breached.
Chen Zamir
27:38
Yeah.
Cy Khormaee
27:52
It lands on the desk of an ACH fraud team or accounts payable fraud team. And so basically they're just downstream of security. So they're, again, completely married and should be using each other's tools and data to influence each other, especially because, you know, and we talked about a lot of the our our friends at CrowdStrike and SentinelOne in this space. By the time it gets to the EDR, it's already a mess. Like it's already on the device. A bad thing has happened. By the time there's a fraud control alert, like there is a mess to be cleaned up.
Chen Zamir
27:55
Yeah.
Chen Zamir
28:20
Yeah.
Cy Khormaee
28:21
If I can take telemetry from fraud and push it forward in the funnel and act faster, I can keep that mess off your desk and you can just look at that and be like, that would have been bad. It's good we learned from it and then move on with life, which is really what we want. Because again, it was started with both fraud teams and security teams are perpetually too busy. I've never met a head of fraud or head of security. It's like, I don't have enough stuff to do. They all have way too much stuff to do, way too much risk to deal with, and they don't have comfort with their posture because there's so much out there. If we can take one more thing off their plate.
Chen Zamir
28:24
Yeah.
Cy Khormaee
28:51
Take an incident and make it an alert, I'm delighted to do that.
Chen Zamir
28:53
Absolutely. I agree with this notion or this strategy so much. It's just so much more efficient and clean to do things or to deal with these threats before they actually manifest and especially before they monetize and exit the funds from your platform. And then, you know, yeah, I mean you can start chasing the money and you can even get it back, but it will cost you quite a lot. So yeah.
Cy Khormaee
29:21
Yeah, yeah. It's very tough. You know, we talk a lot. We have our our friends at the local FBI office. We talk about that all the time. They're like, look, we get hundreds of thousands of reports. I can chase one percent of the really big ones. And even then, we're gonna chase things. They're gonna help and they're great, but they're gonna have one or two agents chase them through an ACH network and try and get it back. You know, it's like one percent of one percent of one percent is kind of your your level of getting that back once that transaction's happened.
Chen Zamir
29:29
Yeah. Yeah.
Chen Zamir
29:42
Yeah, I mean if you're if you're at the point where you need to FBI that you're you're not in a good spot. So tell me, you you started speaking about Aegis, but I want to kind of go back one step. Tell us about like, you know, so you've done reCAPTCHA. What made you think about Aegis, the idea? Because the as we kind of talked about it a bit at the at the earlier part of the conversation, things have radically changed in the last couple of years. And both how fraudsters and let's say malicious cyber criminals behave has really changed, really shifted. So what's the idea behind Aegis? How do you see that?
Cy Khormaee
30:27
Yeah, I mean, really, you know, we spent, you know, all of us here spent about a decade at Google looking at these problems. We observed a couple things. And again, very similar to the fraud world. One is that the attacks are accelerating and they're becoming unique and they're using more and more sophisticated tactics. And it used to be in fraud and security, you see an attack, you write a rule, you configure it in a big rules engine. That's just traditionally how it worked for a long, long time. But as the attacks become more unique, you can't keep up by writing rules. You just can't physically do it. And then at some point you get this rules engine that has like a hundred thousand rules. At Google, we had a 10,000 rule-based engine. It's too big, it's too unmanageable. And look, if there's a false positive, good luck figuring out why it happened, right? You become the navigator of the rule maze, which is a losing battle. And so I said, look, this is where it's going. This is the future. How do we get in front of it? And we really get in front of it by saying, let's replace rules with LMs. Which again, very similar. I think me and Soups have a very similar premise of like how we think about our similar worlds is like, great, attacks are more diverse, they're more sophisticated, they're using more pieces. What's really good at that? LLMs and unsupervised AI, right? So let's apply that to our problem in our respective places. And that's, I think, worked really well. You know, we started this company, we kind of had I'll show a couple of slides here. We had or a couple pieces of data more importantly. We had a trend where we saw the attacks were kind of increasing at a rate of about 4,000% since ChatGPT came out. Just the volume was going up. And that was before we started. More recently, we presented at you know a conference as well. It's like the success rates of bypassing controls are really, really scary.
So we've seen kind of the AI spear phishing attacks, these N of one attacks generated by AI, be almost twice as effective as traditional attacks and bypassing
Chen Zamir
31:57
Say.
Cy Khormaee
32:17
Existing detection systems. In this case, it's existing Google, Microsoft, point solution email security tools. Because they will flat out recognize and know the rule you wrote and evade it. They just kind of quickly sidestep it. And it's easy. And they don't even have to do that intelligently. They can also make 50 attempts and see which one gets through, right? So they kind of understand that fuzzing attack. The second thing we've seen that's been a big evolution over the last eight months.
Chen Zamir
32:34
Yeah. Yeah.
Cy Khormaee
32:43
Is the percentage of these AI-powered attacks has gone from 2% to 15% over a very short period. And that kind of tells us that adversaries are coming up the S curve and making more and more dangerous content at higher and higher volume. So I expect actually both the percentage bypass rate as well as the volume of these attacks to rapidly escalate, essentially as adversaries adopt AI. And you look, we're all trying to adopt AI, you know. We talked at, you know, one of the last fraud conferences with the Sardine team and an audience about how difficult it was in some cases for fraud teams to adopt AI tools internally because there's compliance, there's that procurement, there's a whole process they have to go through. Adversaries don't have any of that. Man, they want to drop the latest DeepSeek model, OpenAI or Claude, and give it a shot. Like they don't care about your data. They're just gonna give it a try and see what happens. And so they're moving at this rapidly accelerated rate. And so one of the biggest reasons, you know, we had half of our team leave Google to join us, and a bunch of folks
Chen Zamir
33:23
No.
Cy Khormaee
33:39
From Facebook and Amazon as well. Like so much care around this mission is we really believe that the adversaries are well ahead of the defenders here, maybe one, two, three years ahead. And we have to come together as a team because we care so much about this mission to act quickly to create an effective defensive layer before this thing really cracks wide open. And we're already seeing the cracks accelerate right now. I'm hearing from customers every day that like the email attacks are getting out of control, their existing tools are not stopping it, they don't know what to do about it. And so we're like very, very dedicated to work as hard as we can, as fast as we can, to offer them that layer of control that doesn't really exist in the industry yet.
Chen Zamir
34:15
So you're a founder. That means you're an optimist by nature. So I mean what's your optimistic view on how to actually put a stop to it? Because the picture that you've painted so far, which by the way I totally agree with, is pretty grim.
Cy Khormaee
34:19
Yep. Yes.
Cy Khormaee
34:36
Yep. Yeah, I think the and look, I am an optimist, right? A a little bit crazy. It's it's always a hard thing to be like, hey, I'm gonna rebuild this thing over time. But look, one thing is I think someone's gotta solve it. So one thing that makes me really happy about this mission is like someone's gotta do it. So it's not a solved problem. Our premise here though is really to investigate every attack. So a lot of time all the other controls, and this is also true for historical fraud controls, they kind of look at like a statistical average. They kind of trying to blend a bunch of things and look for a pattern and look for abnormalities, right? It doesn't really work moving forward again in these new generative attacks. And so you actually have to investigate every single attack. Like that's really the core answer here. And so that's really the platform that we've built. And so I can even show you kind of how what looks live in the in the product, not to get too too salesy, but like it's just cool to kind of see if you look at this email, traditionally be like, I don't know, we look at the headers, we see like what's odd and what's not. But really you pop open kind of our AI analysis, what it's really gonna do is it's gonna call a series of agents. And the agent can call a friend. So it investigates the header and tries to figure out what's going on there. Then the header agent calls reputation, URL inspector, content analyzer, and they'll dig into their respective areas to find risk. Then it goes to understand the context, like why are they asking for the sensitive data? And eventually can classify intent. Are you using urgency tactics? What are you using to kind of get the user to act? And by sequentially asking these questions, just like any fraud analyst team or any security analyst team would, you can get to the bottom and find you know and secure what we call the TTP. 
Or like the real tactic that is malicious, the real illegal activity or fraud that's happening, versus just saying, hey, this thing kind of looks odd. And I think that's really the future where you can go head to head and really understand kind of bypass a lot of these threats. And I'll show you one other thing that's kind of really relevant as an example. A classic rule, and this is from an attack we just saw pretty recently, is that if you are showing something here that's like a classic DocuSign document is what we're showing on the screen.
Chen Zamir
36:12
Yeah.
Cy Khormaee
36:37
You must link to DocuSign, and we're showing on the other side here the DOM that does have a DocuSign link as part of the original source tag. The problem is that tag is actually totally dead, not used for anything by the actual rendering DOM. The rendering DOM is going to use this href that's actually malicious and linking to a malicious URL. And so in this case, this adversary has completely understood this rule, has satisfied the rule successfully, and delivered a malicious payload past a classic gateway. And this is just one of many examples of how these bypasses are happening. Maybe another kind of notable one that's one of the scarier ones is we were the zero-day reporters of the Salesforce breach, where Salesforce was compromised and sending malicious emails out on behalf of their users in the fraud space. You know, Robinhood recently had an exact same issue. And so I don't want to pick on Salesforce and Robinhood. It's happened across 10, 20, 30 large companies that we've seen and countless smaller companies. So just expect this to happen. Expect the reputation to be high, expect a bunch of the data to look good, you really have to dig deeper and deeper to really find the abnormalities in order to really understand, you know, what's at risk and what's not. Even to the extent you need to have specialized, you know, agentic crawlers, and I'll kind of show maybe one other quick example here of what the future of this detection can look like as we kind of race to keep up with the adversaries. I'm going to switch screens here to something else.
Chen Zamir
37:44
Yeah.
Cy Khormaee
38:00
Is we developed what we call Vanguard, which is an agentic browser that is LLM powered. And as you go through and you can launch this thing, it'll go through and kind of open a page. And one of the biggest forms of attacks that we see every day is something that requires human interactions. Going back to kind of the CAPTCHA story, right? Where it's like, if I have a human doing interaction, I can get around most crawlers, which is true. 99% of the time it's actually true. And so in this case, an adversary has put a password in an email and said, Hey, Trent, here's the, you know, here's a patch in the email, please open the email, put it in the document, open the document. Right? That's the classic pattern. Now our browser is able to read that email, understand that, it's able to input that password, open the document, find the risky, in this case, QR code, scan the QR code and find a risk. It can also do things if I skip ahead, like going back to all the CAPTCHA days, it can read a CAPTCHA, it can solve and pass a CAPTCHA to recognize, and this is a Google phishing page. So there's all kinds of things now that are possible where we're using AI to combat AI. And I think you have to use these AI-native methods in order to spot and combat this future risk that is already in the market. And I think just accelerating at a rate where it's a 10%, 20% problem now. But guess what? Adversaries once they discover at work, they're just gonna turn that crank up really quickly. And so I think within a year, it's gonna be an 80, 90% problem.
Chen Zamir
39:11
Yeah.
Chen Zamir
39:18
Yeah.
Cy Khormaee
39:19
And by that time you're gonna see a bunch of compromises before the defensive layers put in, and that I want to avoid for as many people as we can before we get and help the people who've been compromised.
Chen Zamir
39:21
Yeah.
Cy Khormaee
41:44
Yeah, it's a really good question and a hard one. So let me start with buy and then we'll go to build. I think with buy, I'll just start by saying, like, first of all, pierce through the noise. There are so many like every single vendor says they know and are doing AI. Almost almost they have to. Like I think their board will force them to, right? The percentage that are actually know anything about AI at cheap is actually sub-one percent. I think that's actually one reason I mentioned we hire from Google and Amazon's larger companies, is like first of all, I've been doing this stuff NLP for 20 years. Like I've been in the trenches in the Stone Age banging rocks together to get this done for a long, long time with a lot of struggle. So, you know, I've kind of lived these wars. And my team at Google's been doing this since 2017. So they all have about a decade of experience fighting fraud with transformer models. Like they've got the reps. I would bet on teams, again, I'm biased, but like we've seen this work incredibly well that like have the experience and they are out there. You just gotta pierce through all the marketing noise. And get to those teams. And they may not be as good at marketing because they're gonna be really technical, deep AI researchers, threat experts. Like, go to the people with real content. Yeah.
Chen Zamir
42:48
Give me one question. One question. How do I pierce through the noise?
Cy Khormaee
42:54
Yeah, I mean a really good question is like, how do your models work? And I think a really bad answer is like, I don't know, we call OpenAI or we call frontier model, not to pick it up. Just like we call frontier model. That's gonna be undiffering. Tell them that we don't really know what we're doing. So what I showed you by the in that demo is like, hey, look, like we built all of our own AI and custom SLMs and LLMs. Here's how they reason together. Here's how we apply it to the problem. And there should be no limited depth if you get on a call with that technical team.
Chen Zamir
43:01
Mm.
Cy Khormaee
43:22
On how deep they can go to kind of talk about that. So that's kind of one. Two is in that depth and part of your TPRM and security review process, they're gonna ask, what do you do with my data? If you're using a frontier model, they're like, Well, I guarantee all these things, except I'm gonna ship all your data off to a third party and then all bets are off. We've fully separated the inference, the training layer. So I can tell you everything at the top level inference read level is read-only. We don't do anything with that. Everything that we train on is stored in a separate segregated data store that you have read-write access to. So you've got full transparency all the time. And you should expect from all vendors that basic and we do more, but that basic level of transparency and separation, it shouldn't be, we're just going to train on whatever you send us. That's not an acceptable answer. So that all again goes to depth. And then third is look for efficacy. You know, there's two classic things you look for: it's false positives and false negatives. Roughly speaking, false negatives. How many things you miss, false positives, or how many good things that you caught. And again, fraud, it's like how many legitimate transactions are you blocking? How many illegitimate transactions are you missing? Look for that data, do that A/B test. But I think you need all three of those things together. You look to make sure they actually understand what is happening in their models and are not just like tossing it off on a third party. You need to understand they know how to respect your data and give you transparency on what is happening and control over your data.
Chen Zamir
44:20
Yeah.
Cy Khormaee
44:49
And then third is are very clear and very scientific about how they A/B test things. And I'll say something that for us, like we are constantly A/B testing our models every single day and competing with our own models to make them better. That's just how we think about the world because we know adversaries are doing this, we know models are getting better, we know this is the motion we have to do. And if a team is not crisp about how they're doing that, they're not gonna be able to evolve and their product probably doesn't even work in the first place. Because I don't know how you got there without a good scientific approach of doing that testing. It's not magical, right? It's gotta have boundaries. It's gotta evolve like a tool. And so I look for those three things as you buy. Maybe moving to build, which is even harder. That's a hard one. I would say one thing that I would really encourage teams to do more, particularly in the fraud world, is do on-prem deployments, especially for custom tooling. I think a lot of times they get blocked by trying to figure out if a third party tool is safe and then how to integrate into their environment.
Chen Zamir
45:18
Yeah.
Cy Khormaee
45:46
I think there's a lot of cases where you can deploy your own model in a totally closed environment and see what happens in a very safe way. Cause you're just kind of running analysis out of that. I think that would actually unblock a lot. So imagine you set up your own server, you deploy Llama or Gemma to it, and you just roll code against that. I think most data analysts are gonna be successful at doing that. And it unlocks a lot of the TPRM fear you have of bringing vendors, which is all justified, and allows you to iterate rapidly internally. I think that's one. I think two is think about convergence of the data lake and the kill chain. I'll flash a slide. I'm gonna have to share it, you know, maybe as a takeaway for this as well, but I think it's really important. What did I do here? Clicking the wrong buttons. Is to look at the hyperconvergence of the data layer. So I think right now, even within fraud, there's a lot of fraud data that lives in separate vertical silos. Try and break all of that down and put it in one shared data lake. And to your point, let's look at that between security and fraud. Let's put it all in the same data lake.
Chen Zamir
46:26
Always.
Cy Khormaee
46:44
And you can operate with an application or MCP server, whatever you want across that data. So break open kind of that data within your infrastructure. I think those are probably two. I'll skip over maybe, of course, maybe my last one that's like very trivial is like use AI tools whenever you can, like, even if it's on your phone, even if it's like picking what to eat at a restaurant. Like sometimes a lot of the fraud audience has not yet gotten into AI, it feels really scary and don't have familiarity with it. Like the two things I love to recommend you've not gotten comfortable with AI is like the next time you're at a restaurant trying to figure out what to eat or what bottle of wine to order, take a picture up of that menu, upload it to your favorite chat app, GPT, Gemini, Claude, whatever it is, and ask it to make a selection for you and see how magical that process is. Something like everyone can do. And I find it's a great way for people to kind of open the aperture to like really understand what AI is and then they can go use it on their computer and then they can use Claude Code and Skills and go deeper. But oftentimes that first experience to kind of, you know, get your hands in it and see the value is the most important. So maybe that's the third one. If you're not yet comfortable with AI, this is a great way to do something really small and simple, even in your personal life, where there's no risk and just like apply it. And the only risk is like the glass of wine you drink or the meal you eat. That's your risk here.
Chen Zamir
48:00
I I on one hand I completely agree and I think that's a prerequisite to life, basically, from now on. On the other hand, I like I don't know what you think about it, but I feel that the fact that a lot of folks are now exposed to technology in a very kind of you know like direct way means that I mean my experience is that folks tend to attribute completely magical powers and capabilities to AI without really understanding how to not test it but how to kind of you know like think critically about what is the input that they've put in and what was the output that they've gotten out and I think that actually you know we hear a lot of talk about none of us having jobs in two years or five years or whatever time and I think a lot of that actually is being driven by the fact that a lot of people are exposed to this but they don't see the limitations. They don't see the hiccups.
Cy Khormaee
49:18
Yep. No, it's true. I always say it's, you know, it's not a magic wand, it's a tool. And to your point, you want to understand the tool's constraints, its benefits, what is it good at, what is it not good at, in order to apply the tool to the right problem set. It's funny, actually, this is the number one thing I try and have my my MBA students walk away from the class with is like a baseline understanding of like what's the size and shape of this tool. Where can I use the tool? Where should I not use the tool based on its current capabilities? And then this hands-on feeling to your point is gonna give you a hands-on view of what that is. And I encourage you to do this frequently because guess what? This is a tool, but it's a tool that's evolving its capabilities on a monthly basis. So you actually need to be hands-on with that tool to feel it evolve month by month, because that framework in your head is gonna evolve with it.
Chen Zamir
49:59
Yeah, love it. I love it. Had the same conversation with Matt Vega as well, so yeah, I totally agree. Awesome.
Cy Khormaee
50:07
Me and Matt love talking about this. We're gonna do like a regular podcast together just to like shoot the shit.
Chen Zamir
50:13
Who doesn't love talking about AI nowadays, right? Except for my mother. Yeah. Sorry that
Cy Khormaee
50:21
And by the way, even my mother, you I do it for my mother, because my mother's, you know, eyesight's gotten a little worse over time. I have her on the voice assistant now. So rather than trying to read her phone, so the phone text bigger and bigger and bigger over time, she can just talk to the agent. So I even think like that's been a huge, a huge value where you can like raise accessibility. It's doing so many cool things there. Even for the don't think of themselves as technologists. Like I think my mom has never like truly adopted the iPhone. But with the conversation, it's like, she's an amazing communicator verbally, so just do that.
Chen Zamir
50:42
Yeah.
Chen Zamir
50:49
Yeah, I wish I could say the same about my parents, but they'll get there. They'll get there. I think that we can take a lot from this conversation that we just had over the last hour or so. I just want to repeat some of the things that you know I wrote down while you were speaking. So we started with you know talking about fraud prevention and cybersecurity, and one of the
Cy Khormaee
50:57
It'll take time.
Chen Zamir
51:18
Main takeaways that I take is that fraud teams should you kind of you dubbed it as toys, should look at the toys that the cybersecurity team in their company plays with, and basically see if they can, you know, gain some value out of these toys. Fully agree with that. We talked about three signals that help separate the bad actors from the legitimate users. We talked about the fact that bad actors would actually usually
Chen Zamir
51:59
We talked about the fact that bad actors would usually interact very cleanly with your product. And if you see an unclean interaction, that actually might or not might, it probably means that this is a good user. We talked about the second signal where we said good people leave tracks. We repeated it a couple of times throughout the conversation. The lack of
Cy Khormaee
52:05
Mm-hmm.
Cy Khormaee
52:26
I love that thought by the way. It's a great it's a great metaphor.
Chen Zamir
52:28
It's old fraud sciences, PayPal, yeah, proverb. The lack the lack of data, the lack of history basically means that there's already something sus here. And we talked about obviously, you know, given that you have enough data, anomaly detection, and the fact that you know you have a very small subset of the population that just looks differently, that is already also
Cy Khormaee
52:55
Mm-hmm.
Chen Zamir
52:57
A signal that you want to look at. There was one other thing that you mentioned, which I really liked, basically tracking how much it costs to break your product or to kind of steal from your platform. That is super interesting. I think having a dashboard with such a KPI and tracking that, and maybe even that being a goal for your team can be.
Cy Khormaee
53:15
Yeah.
Chen Zamir
53:24
A very interesting way of managing fraudsters' ROI.
Cy Khormaee
53:30
Yep. By the way, that, what we literally had that dashboard and that literally was a goal for our team. So we'd be like, it's, you know, we track that like a stock price. Yep. So you're, you're right on. Yeah.
Chen Zamir
53:32
Awesome. Okay. Awesome. Awesome. Awesome. I love it. Love it. We talked about trying to, as much as you can, upstream your detection. So when you stop something bad from happening, it is still, or at least the funds are still in your system. Not only that, you know, it's less expensive, but also it's much more efficient because trying to, you know, like reverse time. Or, you know, like basically once milk has been spilled, there's so much you can do about it, right? So trying to go upstream as much as you can. And then we talked about, you know, like adopting and implementing AI technology and how to go about it. So we talked about some helpful tips for teams who buy, and we talked about a couple of things that you want to look at. You want to obviously make sure that the data stays your data and is not shipped to China or something like that. We, you want to make sure that you are able to do A/B testing or a POC. That's kind of, okay, that's a no-brainer for fraud prevention teams. And thirdly, I thought, found it very interesting. You want to basically make sure that you are not being sold a wrapper where the technology is basically owned by Anthropic or OpenAI, because I mean, what, what are you actually buying at that point?
Cy Khormaee
55:01
Totally. You might as well just buy OpenAI or Anthropic directly. Just go direct if that's all it is.
Chen Zamir
55:04
Yeah, yeah, and good luck with that as well. Then we talked about teams who build. We talked about deploying locally, fully agree, much easier, especially in, you know, regulated environments like banks and fintechs, much, much easier. We talked about obviously data lake access, that's a given one. And lastly, and I think this is kind of, you know, a general
Cy Khormaee
55:09
Yes.
Chen Zamir
55:32
tip or a general takeaway for everybody, including our mothers, just, you know, just get more comfortable with AI. That's going to be what we're all going to use for work, life, every day. Yeah. Cy, super, super interesting. I want to thank you. I'm sure that a lot of our listeners got a lot of very interesting insights out of this conversation.
Cy Khormaee
55:59
Chen, I really appreciate it. It was always a pleasure to talk with you and always a pleasure to partner with Sardine too. So we're excited to do more together, excited to be joined together as fellow fraud fighters, and anything I can do to help folks in the audience fight fraud, I'm always down.
Chen Zamir
56:12
Right on, man. I love it. Awesome. Folks, thank you very much for joining us today and I see you next Saturday.
Host
Chen Zamir
Head of Fraud Strategy